Skip to content
Snippets Groups Projects

Fix a local-only CPU DoS bug.

Fix a local-only CPU DoS bug.
nickm/arti:socks-read-fix into main
Merged Nick Mathewson requested to merge nickm/arti:socks-read-fix into main

Previously, there was a bug in the way that our code used our SOCKS implementations. If the buffer used for a SOCKS handshake became full without completing the handshake, then rather than expanding the buffer or closing the connection, our code would keep trying to read into the zero-byte slice available in the full buffer forever, in a tight loop.

We're classifying this as a LOW-severity issue, since it is only exploitable by pluggable transports (which are trusted) and by local applications with access to the SOCKS port.

Closes #861 (closed).

Reported-By: Jakob Lell

Merge request reports

Approval is optional

Merged by Nick MathewsonNick Mathewson 1 year ago (May 23, 2023 3:28pm UTC)

Merge details

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
Please register or sign in to reply